Troubleshooting PXE boot issues in Configuration Manager 2012

What does this guide do?Helps administrators diagnose and resolve PXE boot failures in System Center 2012 Configuration Manager(ConfigMgr 2012 or ConfigMgr 2012 R2).

Who is it for?Administrators who help diagnose and resolve PXE boot issues.

How does it work?We’ll begin by explaining some background information about PXE. Then we’ll take you through a series of troubleshooting steps that are specific to your situation.

Estimated time of completion:15-30 minutes.

1

Understanding PXE Boot and Configuration Manager

PXE boot in System Center 2012 Configuration Manager (ConfigMgr 2012 or ConfigMgr 2012 R2) enables administrators to easily access the Windows Preinstallation Environment (WinPE) across the network via the Preboot Execution Environment (PXE). PXE is an industry standard created by Intel that provides pre-boot services within the devices firmware that enables devices to download network boot programs to client computers.

Configuration Manager relies on the Windows server role Windows Deployment Services (WDS) via the WDS PXE provider. In ConfigMgr 2012, the SMS PXE provider (SMSPXE) registers with the WDS service and supplies the logic for the PXE client requests.

Before troubleshooting PXE related problems in ConfigMgr 2012, it is important to understand the basic processes involved, how they work and how they interoperate with each other. This troubleshooter assumes you possess an understanding of these processes, however if you would like a general overview you can select that option below or you can continue on straight to troubleshooting.

Let’s go through the PXE overview

Let’s get straight to the troubleshooting

0

Understanding PXE Boot and Configuration Manager

PXE boot in System Center 2012 Configuration Manager (ConfigMgr 2012 or ConfigMgr 2012 R2) enables administrators to easily access the Windows Preinstallation Environment (WinPE) across the network via the Preboot Execution Environment (PXE). PXE is an industry standard created by Intel that provides pre-boot services within the devices firmware that enables devices to download network boot programs to client computers.

Configuration Manager relies on the Windows server role Windows Deployment Services (WDS) via the WDS PXE provider. In ConfigMgr 2012, the SMS PXE provider (SMSPXE) registers with the WDS service and supplies the logic for the PXE client requests.

Before troubleshooting PXE related problems in ConfigMgr 2012, it is important to understand the basic processes involved, how they work and how they interoperate with each other. This troubleshooter assumes you possess an understanding of these processes, however if you would like a general overview you can select that option below or you can continue on straight to troubleshooting.

Let’s go through the PXE overview

Let’s get straight to the troubleshooting

0

PXE Service Point Installation

We will first look at the processes involved in the installation of the SMSPXE provider. In all instances in this document we are using System Center 2012 Configuration Manager R2 Cumulative Update 2 (ConfigMgr 2012 R2 CU2) and a remote site system installed on Windows Server 2012 with the Distribution Point (DP) role installed.

First, installation is initiated by selecting the Enable PXE support for clients option on the PXE tab of the Distribution Point properties. When PXE support is enabled, an instance of SMS_SCI_SysResUse class is created.

In the WMI namespace Root\SMS\Site_RR2 (where RR2 is the site code of the site), the SMS_SCI_SYSResUse class contains all the site systems roles on the primary site server. You can run the following query in WBEMTEST to identify all the DPs on that site server:

SELECT * FROM SMS_SCI_SysResUse WHERE rolename like 'SMS Distribution Point'

Changing the properties of these roles via the SDK will alter the site control file and configure the DP. The IsPXE property name is a member of the props property and is set to 1 when the DP is PXE enabled.

The SMS Database Monitor component detects the change to the DPNotificaiton and DistributionPoints tables and drops files in distmgr.box:

The Distribution Manager component on the primary site server then initiates the configuration of the remote DP:

ConfigureDPSMS_DISTRIBUTION_MANAGER04/09/2014 11:30:263776 (0x0EC0)IISPortsList in the SCF is "80".SMS_DISTRIBUTION_MANAGER04/09/2014 11:30:263776 (0x0EC0)IISSSLPortsList in the SCF is "443".SMS_DISTRIBUTION_MANAGER04/09/2014 11:30:263776 (0x0EC0)IISWebSiteName in the SCF is "".SMS_DISTRIBUTION_MANAGER04/09/2014 11:30:263776 (0x0EC0)IISSSLState in the SCF is 448.SMS_DISTRIBUTION_MANAGER04/09/2014 11:30:263776 (0x0EC0)DP registry settings have been successfully updated on RemoteDp.contoso.comSMS_DISTRIBUTION_MANAGER04/09/2014 11:30:263776 (0x0EC0)ConfigurePXESMS_DISTRIBUTION_MANAGER04/09/2014 11:30:263776 (0x0EC0)

In the SMS DP Provider log on the remote DP we can see the following information about the PXE install, where initially the PxeInstalled reg key is not found:

The Distribution Point should now be PXE enabled and ready to accept incoming requests.

Next step: Adding boot images to the PXE enabled DP

That’s enough with the overview, let’s get on with the troubleshooting

0

Adding Boot Images to a PXE Enabled DP

Whenever a new PXE enabled Distribution Point has been configured, there are additional steps that need to be completed to enable full functionality. One of these is that you must distribute the x86 and x64 boot images to the new PXE enabled DP. To do this, navigate to Software Library -> Operating Systems -> Boot Images -> Boot Image (x86) then right-click and select Distribute Content -> Add the Boot Image to the PXE enabled DP.

Repeat this process for Boot Image (x64).

Once this has been done, Distribution Manager will start processing the request and initiate the distribution to the remote DP:

Ensure that these boot images have been configured to deploy from the PXE enabled DP. Right click the boot image and select Properties -> Data Source and select Deploy this boot image from the PXE-enabled distribution point.

Next step: The PXE boot process

That’s enough with the overview, let’s get on with the troubleshooting

0

The PXE Boot Process

The example boot process described here involves three machines: The DHCP server, the PXE enabled DP and the client (an x64 BIOS computer). All are located on the same subnet.

In the PXE boot process, the client must first acquire TCP/IP parameters and the location of the TFTP boot server. Once a device is powered on and completes the POST, it will begin the PXE boot process (usually prompted via the boot selection menu).

The first thing the PXE firmware will do is send a DHCPDISCOVER(a UDP packet) broadcast to get TCP/IP details. This will include a list of parameter requests, and below is a sample network trace with the parameter list from a DHCPDISCOVER packet:

The PXE client then identifies the vendor and machine specific information so that it can request the location and file name of the appropriate boot image file.

The DHCP server and the PXE enabled DP then sends a DHCPOFFER to the client containing all of the relevant TCP/IP parameters. In the example DHCP offer below, note that it does not contain the server name or boot file information because this is the offer from the DHCP server rather than the PXE enabled DP.

The client then replies with a DHCPREQUEST once it has selected a DHCPOFFER. This contains the IP address from the offer that was selected.

The DHCP server responds to the DHCPREQUEST with a DHCPACK which contains the same details as the DHCPOFFER. The server host name and the boot file name are not provided here:

At this point we still don’t have the boot file information, however now the client has an IP address. The PXE client next sends a new DHCPREQUEST to the PXE enabled DP after also receiving a DHCPOFFER from the earlier DHCPDISCOVER broadcast.

The PXE enabled DP sends a DHCPACK which contains the BootFileName location and the WDS network boot program (NBP).

Next step: Downloading the boot files

That’s enough with the overview, let’s get on with the troubleshooting

0

Downloading The Boot Files

Once the DHCP conversation has completed, the client will start the TFTP session with a read request:

The server responds with the tsize and then the blksize. The client will then transfer the file from the server.

NOTE The size of these blocks is the blksize, and in this case it is set to 1456 bytes. The blksize is configurable on Windows Server 2008 and up. See the following Knowledge Base article for more details:

Here we can see the end of the DHCP conversation and the start of the TFTP transfer:

When the WDS network boot program (NBP) has been transferred to the client computer, it will be executed. In our example it starts by downloading wdsnbp.com. The NBP dictates whether the client can boot from the network, whether the client must press F12 to initiate the boot and which boot image the client will receive.

NBPs are both architecture and firmware specific (BIOS or UEFI). On BIOS computers the NBP is a 16-bit real-mode application, therefore it is possible to use the same NBP for both x86-based and x64-based operating systems.

In our case (an x64 BIOS machine), the NBP is located in the following directory on the PXE enabled DP: \\remotedp\c$\RemoteInstall\SMSBoot\x64

The files perform the following functions: PXEboot.com – x86 and x64 BIOS: Requires the end-user to press the F12 key for PXE boot to continue (this is the default NBP). PXEboot.n12 – x86 and x64 BIOS: Immediately begins PXE boot (does not require pressing F12 on the client). AbortPXE.com – x86 and x64 BIOS: Allows the device to immediately begin booting by using the next boot device specified in the BIOS. This allows for devices that should not be booting using PXE to immediately begin their secondary boot process without waiting for a timeout.

Bootmgfw.efi – x64 UEFI and IA64 UEFI: The EFI version of PXEboot.com or PXEboot.n12 (in EFI, the choice of whether or not to PXE boot is handled within the EFI shell and not by the NBP). Bootmgfw.efi is the equivalent of combining the functionality of PXEboot.com, PXEboot.n12, abortpxe.com and bootmgr.exe.

wdsnbp.com – x86 and x64 BIOS: A special NBP developed for use by Windows Deployment Services that serves the following general purposes: ◦Architecture detection◦Pending devices scenarios

Wdsmgfw.efi – x64 UEFI and IA64 UEFI: A special NBP developed for use by Windows Deployment Services that serves the following general purposes: ◦Handles prompting the user to press a key to continue PXE boot◦Pending devices scenarios

The NBP downloads the operating system loader and the boot files via TFTP, which include the following: ◦ smsboot\x64\pxeboot.com ◦ smsboot\x64\bootmgr.exe◦ \SMSBoot\Fonts\wgl4_boot.ttf◦ \SMSBoot\boot.sdi◦ \SMSImages\RR200004\boot.RR200004.wim

A RAMDISK is created using these files and the WinPE WIM file in memory.

The client boots from the RAMDISK.

Next step: WinPE boot

That’s enough with the overview, let’s get on with the troubleshooting

0

WinPE Boot

Once WinPE has booted, the TS boot shell is initiated from the SMS folder that is included in the WinPE image (this folder is injected into the boot WIM when it is imported into Configuration Manager). You can see this process logged in SMSTS.log which is located in X:\Windows\Temp\SMSTS\. TIP:To access this log in WinPE, enable the command prompt on the boot image. You can do this by right-clicking Boot Image -> Properties -> Customization -> and checking Enable command support (testing only). You can then access the command prompt by pressing F8 in WinPE. Here is the initial TS boot shell process:

I’m done. After going through the overview I think I can skip the troubleshooting part

Let’s go on to the troubleshooting

0

Checking Common Issues

Before beginning any troubleshooting on the PXE Service Point, review the KB articles below to see if the issues discussed could possibly be causing your issue. Note that this is not an exhaustive list, however it does contain some of the more common issues seen.

Verify IP Helpers

If the DHCP server, the client computer, the ConfigMgr 2012 server running Windows Deployment Services (WDS) and the PXE enabled Distribution Point (DP) are all on the same subnet or VLAN then IP Helpers are not required. Otherwise, if either the DHCP server, the client computer, or the ConfigMgr 2012 server running WDS and the PXE enabled DP are on separate subnets or VLANs, which is usually the case in most environments, IP Helpers must be configured on the routers. This process varies and is dependent on the router hardware manufacturer, however a general overview is outlined in the TechNet article below:

IF additional information is needed for properly configuring IP Helpers on your routers, please contact the hardware manufacturer of the router.

IP Helpers are necessary because the PXE request generated by the client computer is a broadcast that does not travel outside of the local subnet or VLAN. If the DHCP server and/or the WDS/PXE enabled DP are not on the same subnet or VLAN as the client computer, they will not see or hear the PXE request broadcast from the client, thus the servers will not respond to the PXE request. To have the PXE request broadcast traverse between subnets or VLANs, the PXE request broadcast needs to be forwarded by the router to DHCP and WDS/PXE Service Point servers so that they can properly respond to the client’s PXE request.

An alternative to using IP Helpers is setting DHCP options on the DHCP server, specifically DHCP ptions 60 (PXE Client), 66 (Boot Server Host Name), and 67 (Boot file Name). However, DHCP options can be problematic and may not work reliably or consistently. Furthermore, the use of DHCP options to control PXE requests in ConfigMgr 2012 is not supported by Microsoft. Therefore, the recommended and supported method for PXE booting client computers that are on remote subnets is by use of IP Helpers.

IMPORTANT Before continuing, it is imperative that you verify that the routers have IP Helpers configured AND that the DHCP server does NOT have DHCP Options 60, 66, or 67 configured. Not meeting both of these criteria will cause problems with the PXE Service Point. When checking DHCP options, make sure to check options at both the server and scope levels.

Note that in certain instances, configuring DHCP options 60, 66, and 67 may make it appear that the PXE boot process is proceeding further along than before these options were configured, however in most cases it is simply proceeding further down an incorrect path.

IMPORTANT The only exception where a DHCP Option needs to be used is when DHCP and WDS reside on the same server. In this instance, DHCP Option 60, and only DHCP Option 60, needs to be set. DHCP Options 66 and 67 should still NOT be set in this scenario. This is detailed in the next section titled Co-hosting DHCP and WDS on the Same Server.

Did this solve your problem?

Yes

No

0

Special Consideration When Co-Hosting DHCP and WDS on the Same Server

When DHCP and WDS are co-hosted on the same computer, WDS needs a special configuration so that it can listen on a specific port. This configuration is outlined in the following TechNet article under the section Windows Deployment Service and Dynamic Host Configuration Protocol (DHCP) .

Note that according to the article above, the following two actions need to be completed when WDS and DHCP are co-hosted on the same server:

The value UseDHCPPorts needs to be set to 0 in the following registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE

You need to run the following WDS command:WDSUTIL /Set-Server /UseDHCPPorts:No /DHCPOption60:Yes

However, a problem with the above recommendations is that in order to run the WDSUTIL command, WDS has to be configured. This goes against the best practice of NOT configuring WDS when installing a ConfigMgr PXE enabled DP, however the two settings being specified via the WDSUTIL command (UseDHCPPorts and DHCPOption60) can be configured using alternate methods that do not require the WDSUTIL command, and therefore do not require that WDS be configured. To configure these settings without having WDS enabled, complete the following steps:

The UseDHCPPorts switch for WDSUTIL is actually the equivalent of setting the registry key UseDHCPPorts to a value of 0 in the following location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXETherefore, using the UseDHCPPorts switch is not needed as long as the registry key has been manually set as described above. Please note that if WDS has not been installed, this registry key may not be present.

The DHCPOption60 switch configures an option for the DHCP service, not the WDS service, therefore instead of using WDSUTIL to set this DHCP option, an equivalent DHCP command can be used to set the same option. This can be done by using the netsh command as described in the following MSDN article: http://msdn.microsoft.com/en-us/library/dd128762(WinEmbedded.51).aspx

To summarize what’s in the article above, close any DHCP consoles that are open and then run following two commands from an elevated command prompt (Run As Administrator):

where <DHCP_server_machine_name> is the name of the DHCP/WDS server (without the brackets <>).

These two commands set up and enable DHCP Option 60 on a DHCP server. If after running the above two commands an option named Unknown is displayed in the DHCP console instead of 060 PXE Client, reboot the server so that these settings can take effect. After the reboot, the option should display correctly. This usually only occurs if a DHCP console was left open when the two commands were run.

NOTE If DHCP is ever moved to another server and removed from the server hosting WDS, the steps above need to be reversed. To reverse the above steps, complete the following on the WDS server:

From an elevated command prompt, run the following two commands: netsh dhcp server \\<DHCP_server_machine_name> delete optionvalue 60 netsh dhcp server \\<DHCP_server_machine_name> delete optiondef 60 PXEClientwhere <DHCP_server_machine_name> is the name of the DHCP/WDS server (without the brackets <>).

In the two commands above, the first disables DHCP option 60 while the second removes DHCP option 60 completely.

Did this solve your problem?

Yes

No

0

Troubleshooting DHCP Discovery

There are a number of important points to consider before starting to troubleshoot the initial DHCP discovery stage of the PXE booting process:

If you can’t see the MAC address or the DHCPREQUEST of the device you are attempting to boot in SMSPXE.log then there is a likely a router configuration issue between the client and the Distribution Point (DP).

Do not use DHCP options 60, 66 and 67, this is not supported.

Test whether the device can boot when plugged into a switch on the same subnet as the PXE enabled DP. If so the issue is likely with the router configuration.

Ensure the DHCP (67 and 68), TFTP (69) and BINL (4011) ports are open between the client computer, the DHCP server and the PXE DP.

At this stage of the process there are no logs to refer to, but usually when the PXE boot process fails before WinPE has booted a PXE error code will be displayed. Examples of the errors you might see include the following:

PXE-E51: No DHCP or proxyDHCP offers were received.

PXE-E52: proxyDHCP offers were received. No DHCP offers were received.

This will help narrow down the focus of the troubleshooting, although it may be necessary to capture a network trace of the issue with a network monitoring tool such as Netmon or WireShark. The network monitoring tool will need to be installed on the PXE enabled DP and a computer connected to a mirrored port on the switch. For more details on configuring mirrored ports, please refer to the manual provided by the manufacturer of the specific switch or routing device.

The typical procedure is to start the network traces on both the DP and the machine connected to the mirrored port and then attempt to boot the device via PXE. Once completed, stop the trace and save it for further analysis. Here is a sample trace of a DHCP conversation captured from the PXE enabled DP:

You can see that the initial DHCPDISCOVER by the PXE client is followed by a DHCPOFFER from the DHCP server and the PXE DP. The request from the client (0.0.0.0) is made and then acknowledged by the DHCP server (10.238.0.14). Once the PXE client has an IP address(10.238.0.3) it sends a request to the PXE DP (10.238.0.2) which acknowledges it with the network boot program details.

Capture a simultaneous network trace on the client and the DP to see if the conversation is occurring as expected.

Ensure that the DHCP services are running and available.

Verify that the WDS service is running on the DP.

Make sure there are no firewalls blocking the DHCP ports between the server and the client.

Verify that the client computer is able to boot when on the same subnet as the DP.

Ensure IP Helpers are configured correctly if booting from a different subnet than the DP.

Did this solve your problem?

Yes

No

0

Troubleshooting TFTP Transfer

If the error on PXE boot refers to TFTP then you likely have a problem transferring the boot files. Examples of these errors include:

Verify that the WDS service is started on the Distribution Point (DP).

Ensure that the TFTP port is open between the client computer and the DP.

Verify that the permissions on the REMINST share/folder are correct.

Check the WDS logs for additional TFTP errors.

Verify that the RemoteInstall\SMSBoot\x86 and \x64 folders contain the following files:﻿

The fonts exist in SMSBoot\Fonts:

The boot.sdi file exists in the RemoteInstall\SMSBoot directory:

Did you solve your problem?

Yes

No

0

WinPE Boot Issues - Drivers

The most common issues that occur during this phase are driver related. On the whole, the latest version of WinPE contains the vast majority of network and mass storage drivers, however there will be occasions where a needed driver is not included and thus it needs to be imported into the boot WIM. There are a couple of important points to note here regarding this:

Only import the drivers you need. Don’t simply import every driver you have into the boot image.

Only consider adding NIC or mass storage drivers. It is not necessary to include other drivers.

The SMSTS.log file (located in X:\Windows\temp\SMSTS) is the most useful resource to troubleshoot these issues (remember to enable the command prompt during boot so you can examine this file). If you do not see a line logged with a valid IP address similar to the one below then you probably have a driver issue:

To confirm this, simply press F8 and run IPCONFIG at the command prmpt to determine whether the NIC is recognized and if it has an IP address. WIM Files Also make sure both x86 and x64 boot images exist on the Distribution Point. You can see the WIMs in the following directory (they will also be in the content library):C:\RemoteInstall\SMSImages\<PackageID>

Ensure that they have been marked Deploy this boot image from the PXE-enabled distribution point in the properties of the boot image.

Did this solve your problem?

Yes

No

0

Configuration Manager Policy Issues

Another common issue with PXE booting is with Task Sequence deployments. In the example below, the Task Sequence is deployed to an unknown computer but it is already in the database. The first symptom is that the PXE boot is aborted:

Upon further investigation you will notice the following in SMSPXE.log:

We can see here that when the NBS stored procedures ran, they found no available policy and thus the boot action was aborted. The reverse can also be true (i.e. when a machine is unknown but the Task Sequence is deployed is to a collection of known machines).

Troubleshooting steps to try:

Verify that the computer you are attempting to boot exists in a collection that is targeted with a Task Sequence deployment.

Ensure that you have checked the Enable unknown computer support PXE setting on the Distribution Point.

If you are deploying the Task Sequence to unknown machines, verify that the computers do not already exist in the database.